Articles

Discussion on reverse-engineering and debugging.
EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Articles

Post by EP_X0FF » Tue Aug 23, 2011 11:52 am

This thread contains links to various topics with articles regarding Windows OS internals, RCE, etc.
If you have something interesting you want to share, please do so; the list will be updated.
Ring0 - the source of inspiration

rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Articles

Post by rkhunter » Fri Sep 02, 2011 7:53 am

Some rare books from my collection (more of a rarity).
(With the permission of administrators)

1. Schreiber "Undocumented Windows 2000 Secrets" (rus)
http://narod.ru/disk/23706150001/1_ShreiberW2k.zip.html

2. Helen Custer "Inside Windows NT and NTFS" (rus)
http://narod.ru/disk/23706206001/2_Hele ... 0.zip.html

3. Richter, Clark "Programming Server-Side Applications for Windows 2000" (rus)
http://narod.ru/disk/23706360001/3_Riht ... 0.zip.html

4. Airapetyan "Otladchik SoftICE. Podrobny spravochnik" ("The SoftICE Debugger: A Detailed Reference", rus)
http://narod.ru/disk/23706402001/4_Aira ... u.zip.html

5. K. Kaspersky "Tehnika setevyh atak" ("Network Attack Techniques", rus)
http://narod.ru/disk/23706450001/5_Kasp ... h.zip.html

6. Brian Carrier "File System Forensic Analysis" (rus)
http://narod.ru/disk/23706545001/6_Krim ... S.zip.html

7. Hoglund, Butler "Rootkits: Subverting the Windows Kernel" (eng)
http://narod.ru/disk/23706584001/7_Hogl ... g.zip.html

8. K. Kaspersky "IDA" (rus)
http://narod.ru/disk/23706634001/8_Kasp ... A.zip.html

9. "SoftICE manual" by Compuware (rus)
http://narod.ru/disk/23706670001/9_Soft ... l.zip.html

0xC0000022L
Posts: 21
Joined: Fri Aug 05, 2011 9:12 pm

Re: Articles

Post by 0xC0000022L » Sun Oct 09, 2011 3:55 pm

Schreiber's book has also been made available on his website, along with several programs, etc.

Vrtule
Posts: 461
Joined: Sat Mar 13, 2010 9:14 pm
Location: Czech Republic

Re: Articles

Post by Vrtule » Mon Oct 10, 2011 4:42 pm

Some stuff related to registry internals:

The Internal Structure of the Windows Registry (Peter Norris):
http://amnesia.gtisc.gatech.edu/~moyix/ ... td.uk/MSc/

Windows NT Registry File Format (Timothy D. Morgan)
http://sentinelchicken.com/research/registry_format/ (or google for "Windows NT Registry file format")

Forensic analysis of the Windows registry in memory (Brendan Dolan-Gavitt)
http://www.dfrws.org/2008/proceedings/p ... gavitt.pdf

rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Articles

Post by rkhunter » Tue Oct 11, 2011 8:42 pm

New issue of "The NT Insider" journal:

- Epic Update: Win8 WDK Provides Visual Studio Integration
- Peter Pontificates: Do Christmas Dreams Come True?
- WDK Preview: Installation Through Debugging
- Five Things to LIKE About Visual Studio Integration
- Five Things NOT to Like About Visual Studio Integration
- File System Changes in Win8
- Converting SOURCES-Based Projects to “.VCXPROJ” Format

http://insider.osr.com/2011/ntinsider_2011_03.pdf

rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Articles

Post by rkhunter » Sat Oct 29, 2011 8:24 am

Malware research stuff:
A Detailed Analysis of an Advanced Persistent Threat Malware - SANS
http://www.sans.org/reading_room/whitep ... ware_33814

Vrtule
Posts: 461
Joined: Sat Mar 13, 2010 9:14 pm
Location: Czech Republic

Re: Articles

Post by Vrtule » Sat Oct 29, 2011 10:26 am

Quite old, but very detailed documentation of the NTFS on-disk structure. I have uploaded it to my place because I seem to be unable to find the original archive.
http://www.jadro-windows.cz/download/ntfsdoc-0.5.zip

Brian
Posts: 26
Joined: Thu Nov 24, 2011 5:31 am

Re: Articles

Post by Brian » Thu Nov 24, 2011 6:09 am

Interesting. Thanks for sharing guys.

rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Articles

Post by rkhunter » Tue Dec 27, 2011 9:00 am

The "Ultimate" Anti-Debugging reference (Peter Ferrie)
http://pferrie.host22.com/papers/antidebug.pdf

Zer0Flag
Posts: 2
Joined: Wed Oct 12, 2011 6:27 pm

Re: Articles

Post by Zer0Flag » Sat Jan 14, 2012 11:03 am

Some good malware reversing tutorials for beginners

Malware Analysis Tutorial 1 - VM Based Analysis Platform
http://fumalwareanalysis.blogspot.com/2 ... verse.html

Malware Analysis Tutorial 2 - Ring3 Debugging
http://fumalwareanalysis.blogspot.com/2 ... se_31.html

Malware Analysis 3: int2d anti-debugging (Part I)
http://fumalwareanalysis.blogspot.com/2 ... gging.html

Malware Analysis Tutorial 4: Int2dh Anti-Debugging (Part II)
http://fumalwareanalysis.blogspot.com/2 ... -anti.html

Malware Analysis Tutorial 5: Int2d Anti-Debugging Trick (Part III)
http://fumalwareanalysis.blogspot.com/2 ... -anti.html

Malware Analysis Tutorial 6: Analyzing Self-Extraction and Decoding Functions
http://fumalwareanalysis.blogspot.com/2 ... yzing.html

Malware Analysis Tutorial 7: Exploring Kernel Data Structure
http://fumalwareanalysis.blogspot.com/2 ... oring.html

Malware Analysis Tutorial 8: PE Header and Export Table
http://fumalwareanalysis.blogspot.com/2 ... eader.html

Malware Analysis Tutorial 9: Encoded Export Table
http://fumalwareanalysis.blogspot.com/2 ... coded.html

Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools
http://fumalwareanalysis.blogspot.com/2 ... s-for.html

Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
http://fumalwareanalysis.blogspot.com/2 ... rling.html

Greetz Zer0
